CVE-2026-10708
CVE-2026-10708 relates to Adalo’s platform where a single request to a minimal leaderboard component can return user records (emails, UUIDs, custom fields) due to a combination of wildcard CORS, long‑lived tokens (about 20 days), and lack of token revocation. Connected documents confirm this is a...